HP: Smartwatches have a gaping hole in cyber security

Imagine this nightmare scenario: Your smart refrigerator keeps telling you you have no juice in the house, but when you open the fridge – there’s nothing but juice in there!

You close the fridge door, and he goes again, this time showing a message on its AMOLED screen: I require more juice!

This scenario might actually be real, according to a new study by Hewlett Packard that says "100 per cent of the tested smartwatches contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns".

"Smartwatches with network and communication functionality represent a new and open frontier for cyber-attack", and they could be used to hack into things like cars, smart coffee makers and – you guessed it – refrigerators.

But on a more serious note, this is quite an issue. A 100 per cent of tested smartwatches – 10 to be exact – had serious flaws which could help hackers get a hold of sensitive personal information, such as health data.

If you use your smartwatch to start your car, it too will be exposed to risk.

"Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities," HP general manager Jason Schmitt said.

"As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks."

The biggest problems included weak authentication, making it easy for an attacker to gain access, and a lack of encryption.

Jason Du Preez, CEO of Privitar commented: “We are now in a world where potential privacy harms can have devastating effects – loss of self-determination, loss of trust, discrimination and significant economic loss. People need to be aware that any information shared, implicitly or explicitly could fall into the wrong hands.

"We should think carefully about which services we use, who we share with and how we express our preferences. We need to think carefully about transacting with organisations that cannot prove they have the right governance, controls and systems in place.

"If users are to have any confidence that their private information will remain private, companies need to think very seriously about how they protect and anonymise user’s data.”